Wednesday, June 24, 2009

Podcast: Crypto-Gram 15 Oct 2005 Security works best when the entity that is in the best position to mitigate the risk is responsible for that risk.

from the October 15, 2005 Crypto-Gram Newsletter
by Bruce Schneier

* Phishing

Financial companies have until now avoided taking on phishers in a serious way, because it's cheaper and simpler to pay the costs of fraud.

Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names.

Security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem. And not just the direct financial losses -- they need to make it less painful to resolve identity theft issues, enabling people to truly clear their names and credit histories.

* DUI Cases Thrown Out Due to Closed-Source Breathalyzer

People have a right to examine the evidence against them, and to contest the validity of that evidence.

* Jamming Aircraft Navigation Near Nuclear Power Plants

This certainly could help if terrorists want to fly an airplane into a nuclear power plant, but it feels like a movie-plot threat.

* Secure Flight Working Group Report

TSA unable to answer questions regarding:
- Minimizing false positives and dealing with them when they occur.
- Misuse of information in the system.
- Inappropriate or illegal access by persons with and without permissions.
- Preventing use of the system and information processed through it for purposes other than airline passenger screening.

* The Doghouse: CryptIt

Most file encryptors use methods that rely on the theory of computational security, that is difficulty of key factorisation prevents decryption of the file. But this method may not work forever.

CryptIt is designed to use conventional XOR encryption on keys that are the same size as the file to be encrypted

* Tax Breaks for Good Security

Congress is talking -- it's just talking, but at least it's talking -- about giving tax breaks to companies with good cybersecurity.


* Judge Roberts, Privacy, and the Future

Advances in genetic mapping continue, and someday it will be easy, cheap, and detailed -- and will be able to be performed without the subject's knowledge. What privacy protections do people have for their genetic map, given that they leave copies of their genome in every dead skin cell they leave behind? What protections do people have against government actions based on this data? Against private actions?

time: 28:05
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0510.html
